Bug ID 459929: Policy rules can be evaluated in different order

Last Modified: Jul 13, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11

Fixed In:
11.6.0, 11.5.2

Opened: Apr 30, 2014

Severity: 4-Minor

Related Article: K19551223


LTM Policy rule ordinal values for ensuring which rules are considered first, second, and so on, can evaluate in other than the configured order.


Unexpected policy actions might be invoked if an out-of-order rule matches the conditions.


If the ordinal value associated with a policy rule is larger than 65536, then there is potential for rules to be evaluated in a different order than expected.


Using the GUI, drag-and-drop rules into desired order, and the system saves the policy rules using within-range ordinals. Alternatively, edit the configuration to make all ordinals fall below 65536. You can do so manually, or by using a script similar to the following: perl -pe 's/000/0/ if (/ordinal\s+\d+/);' /config/bigip.conf > /config/bigip.conf.fixed. Important: Before executing a Perl script, make sure you are familiar with the kinds of changes the script generates.

Fix Information

Policy rules are now evaluated in the expected order.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips